locked
Is it a good idea to create another User Belonging to the Administrator Group? RRS feed

  • Question

  •  

    This issue is brought about by the following observations on the WHS default installation.

     

    1. There is only one administrator - that is the default administrator and whose password is the WHS password.

     

    2. Only the  members of the adminstrators and the power users group can logon interactively - that is login directly from the HomeServer Computer. All others are denied with the message ".. account cannot interactively login.."

     

    3. Only the administrator can do Remote Desktop Connection to the HomeServer, all others are denied.

     

     4. Administrator password can be changed in the following ways:

        A. From the HomeServer

         i. Administrator login interactively and change the password from the MMC snap-in Users Account.

         ii. Via the Windows HomeServer Console by changing the password in the Windows Home Server Settings

        

       B. From any HomeComputer

        i. Remote desktop to the HomeServer  and do the same as in 4A.

        ii. Run Windows HomeServer Console and changing the password in the Windows Home Server Settings  and then changethe password in the Windows Home Server Settings

       iii. Web Access - via Windows HomeServerConsole.

        

     5.  To gain access to the HomeServer without interactively logging in requires the use of the terminal services.

     

     6. There are only two instances and /or licenses allowed for the Terminal Services allowed in Windows Home Server. If you have two of these licenses activated, any other additonal connection either by remote desktop connection or windows home server console will result in denial with the message  ".. terminal license have been exceeded .."

     

    7. The Windows Home Server Console in the HomeServer can only be run by members of the administrator and power user groups. The password is not required when the Windows Home Server Console is run at the HomeServer Computer. If by chance, any other user is allowed to login interactively at the HomeServer, these users who do not belong to the administrator and power user groups cannot run the Windows Home Server Console.

     

     

    As a result of the above, the following question was raised.

     If the administrator password is misplaced, lost or forgotten, and the password reset disk cannot be found or misplaced or lost, how can you gain access to the HomeServer? 

     Without administrator's password, the HomeServer can still do the automatic backups and the HomeUsers can still initiate manual backups. However, no backup restore or view would be available.

     We are aware that there is the "forgotten password" functionality in Windows Home Server Console which at this time is not yet implemented. Would this be the solution for gaining access to the HomeServer?

     

     Or is there a backdoor solution built in?

     

    Because of the above, we are considering setting up another user to be a member of the administrator group in addition to the default administrator. This would allow us  an option to gain access to the HomeServer in the event the default administrator cannot login.

     

     Or is it better to setup a User who belongs to the PowerUsers Group which would limit his administrative privileges. Any member of the PowerUsersGroup has the ff. rights

     a. Login interactively in the HomeServer.

     b. Cannot do a remote desktop connection.

     c. Can run the Windows Home Server Console without being prompted for the administrator's password. By virtue of this, he can change the administrator/HomeServer password via the Windows Home Server settings.

     

    Any suggestion.

     

     

     

     

    Wednesday, March 28, 2007 1:58 AM

Answers

  • "Forgotten password" would simply be showing you the Password Hint that you provided while setting the admin password. (coming post Beta)

     

    Even after that if the password cannot be retrieved, the server will have to undergo the Factory reset process.

     

    Adding another Administrator account would be a good idea too... (that is, as long as that password is not forgotten )

    Wednesday, March 28, 2007 2:15 AM
    Moderator